I'm glad to see progress on this issue! LDAP support out-of-the-box would be really good for Shiro.
I wrote the patch in January, so it probably can't be applied to trunk anymore. Didn't keep it up to date (sorry). Besides, I'm no LDAP expert; those comments from Emmanuel were quite informative. LDAP is not simple at all. For example, this whole DN comparison business, I had no idea!
I wrote the patch by looking at the Active Directory support that was already implemented. I had tried to keep compatibility with AD, but that's also not trivial to achieve (environment is harder to set up).
For some more inspiration on requirements, I suggest looking at Atlassian's Crowd product. Their LDAP support is obviously much more extensive than what Shiro needs to offer, but it provides some good use cases for using LDAP for authentication (username/passwords) and authorization (providing groups/roles).
Have fun, Les!